BARCLAY MIS PROTECTIVE SERVICES: ALERT HIGH LEVEL PRIORITY: Australian brands used to trick people into installing malware

Australian brands used to trick people into installing malware: CERT Australia: Alert Priority High

CERT Australia has reported a surge in activity using Australian brands to trick people into installing malware, such as Trojans, via malicious attachments to emails or links to malicious website URLs.

People are reminded to keep their operating system, applications and security software up to date by applying updates as they become available, to update their spam filters, and to exercise caution when opening email attachments or links in emails. If in doubt, confirm the legitimacy of the email via a telephone call.

The recent surge in activity makes use of Australia Post, the ASX Clearing House Electronic Subregister System (CHESS) and BPAY to trick users into installing the Rovnix Trojan. The malware aims to extract sensitive information from the infected computer, potentially for use in criminal operations.

The fake Australia Post email purports to come from addresses such as admin@australia-post.net or [various names]@postline-au.net, and from Australia Post, Post Australia or Tracking Parcel. The subject typically refers to parcel details or tracking and includes a variable four to six digit number.

The ASX CHESS email comes from a unique address and has a subject that begins with 'Cancelled Clearing House Electronic Subregister System'. The subject ends with variable information claiming to involve transactions or transfers, case or dispute numbers and a variable four digit number.

The BPAY version includes the subject 'BPay Transfer Case Number 3689051' and states: 'The recent transaction (ID: 186668361), recently initiated from your checking account, was cancelled by the Electronic Payments Association.' It includes a table purporting to state the BPAY processing case ID, the transaction amount and the 'reason of abort'. The email then asks the user to open an enclosed file – which turns out to be a malicious Word document.

There have also been similar emails to the above purporting to come from PayPal, with the same or similar content.
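
The sender and subject indicators described above can be checked against message headers at a mail gateway or during mailbox triage. The following Python is an added example, not code from CERT Australia or this site; the two subject regexes, the indicator labels and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Indicators quoted in the alert.
SENDER_DOMAINS = {"australia-post.net", "postline-au.net"}
DISPLAY_NAMES = {"australia post", "post australia", "tracking parcel"}
CHESS_PREFIX = "cancelled clearing house electronic subregister system"
# Assumption: the BPAY case number differs between messages, so any digits match.
BPAY_SUBJECT = re.compile(r"bpay transfer case number \d+", re.I)
# Assumption: "parcel details or tracking" means one of these words plus a
# standalone four to six digit number somewhere in the subject.
PARCEL_SUBJECT = re.compile(r"(?=.*\b(?:parcel|tracking)\b)(?=.*\b\d{4,6}\b)", re.I)

def triage(raw_message: str) -> list[str]:
    """Return the alert indicators matched by one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)  # decodes RFC 2047
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    subject = " ".join(str(msg.get("Subject", "")).split())  # collapse folding
    hits = []
    if domain in SENDER_DOMAINS:
        hits.append("sender-domain")
    # Display name and subject wording are weak alone (genuine mail looks similar),
    # so the Australia Post lure needs both.
    if display.strip().lower() in DISPLAY_NAMES and PARCEL_SUBJECT.search(subject):
        hits.append("auspost-lure")
    if subject.lower().startswith(CHESS_PREFIX) and re.search(r"\b\d{4}\b", subject):
        hits.append("chess-subject")
    if BPAY_SUBJECT.match(subject):
        hits.append("bpay-subject")
    return hits

# Constructed sample messages (not captured mail); example.test is a placeholder.
SAMPLES = [
    'From: "Tracking Parcel" <admin@australia-post.net>\nSubject: Parcel tracking details 48213\n\nbody',
    "From: Settlements <notice@example.test>\nSubject: Cancelled Clearing House Electronic Subregister System transfer, case 7731\n\nbody",
    "From: BPAY <alerts@example.test>\nSubject: BPay Transfer Case Number 3689051\n\nbody",
    "From: Alice <alice@example.test>\nSubject: Lunch on Friday\n\nbody",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

A message that matches only on subject wording is a candidate for review rather than automatic rejection, since the alert notes the ASX CHESS emails come from a unique address each time.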

Author: David Banks
Category: Scam Warning
Posted: Monday 5 Jan 2015, 13:43
Barclay MIS Protect & Collect